Talk:Infostealer/GA1

GA Review

Nominator: Sohom Datta (talk · contribs) 14:42, 17 August 2024 (UTC)

Reviewer: Crisco 1492 (talk · contribs) 14:33, 24 November 2024 (UTC)


Image review

  • No images.

Prose review

  • Article seems a bit top heavy. Any way to refine the lede a bit more?
  • often for amounts as low as $10 - What currency?
  • Overall, prose is very tight in the article body.

Comprehensiveness

  • Article feels very ahistorical. You mention that some of the earliest infostealers were detected and researched in 2009, but there are also statements like "The management interface, usually written in traditional web development languages like PHP, HTML, and JavaScript,[2] is typically hosted on the commercial cloud infrastructure". Given that commercial cloud infrastructure has only been a thing in the past decade or so, obviously there has been a shift in typical infostealer behaviour, but one doesn't get how that happened. Is there perhaps any historical information that could be added?
  • A couple of things in the sources seem potentially beneficial. The fact that there are desktop interfaces, rather than web-based ones, and the lag between implementation and blacklisting both seem relevant.
  • Other than that, article seems comprehensive enough.

Source review

  • Sources section should be alphabetized.
  • Mind the order of references. For example, you have [11][6] at one point.
  • Spotcheck:
    • 2a: Supported. "All analyzed panels are built with PHP, HTML, and JavaScript, and their core functionality focuses on credential theft. The panels use SQL-based databases to store information about the bots and stolen data."
    • 2b: I'm not seeing this on pages 508/509.
    • 4b: Not fully supported. Our article says "Additionally, they are often bundled with compromised or malicious browser extensions, infected game mods, and pirated or otherwise compromised software." The source says "Malicious actors infect victims with infostealer malware using (most frequently) phishing emails, cracked and pirated software, game cheating packages, browser extensions, and cryptocurrency-related software[10, 20]." Although that supports most of the statement, "game cheating packages" is not a synonym of "game mods" (at least as one would access via Nexus and other platforms). A cheating package may also include a trainer or another memory-editing program like Cheat Engine.
    • 6b: Supported.
    • 14a: Supported.

Conclusion
